Attackers zero in on Web application vulnerabilities
This article is part of the January/February 2010 issue of Filling the data protection gap
When users of link sharing and discussion website MetaFilter detected malicious code transforming benign webpages into a drive-by attack platform, Matthew Haughey raced to fix the security flaw. Haughey, a programmer and Web designer who started the site in 1999, soon figured out the problem: a standard SQL injection attack targeting a poorly coded Web application that he built when the website first went live. It was his first Web application and Haughey admits that it failed to filter out variables from the URL. "Someone discovered it, exploited it, and wreaked havoc," says Haughey, recalling the incident, which took down parts of the website last year. "It took us about two days to plug up the holes on every page and make sure every read of every URL was safe."

Security experts say problems such as this are happening on websites all over the Internet at an alarming rate. Web application vulnerability flaws account for more than 80 percent of the vulnerabilities discovered, according to the SANS Institute. In many cases, attackers exploit a Web application...
What's Inside
Features
- New data protection laws
  by Richard E. Mackey, Jr., Contributor
  Massachusetts 201 CMR 17.00 and Nevada's data protection law establish new standards for personal data protection
- Disaster recovery plans and DLP solutions top 2010 priorities
  Disaster recovery plans, DLP solutions, and regulatory compliance are top enterprise priorities, according to Information Security's Priorities 2010 survey
- Endpoint DLP fills data protection gap
  by Rich Mogull
  Learn how endpoint data loss prevention technology complements network DLP and secures data that users interact with on laptops, mobile and portable storage devices.
- Attackers zero in on Web application vulnerabilities
  Secure coding and vulnerability scanning could mitigate many Web application attacks

Columns
- Perspectives: Pet information security risks
  by Ron Woerner
  IT and security managers often make the mistake of being consumed with a specific risk or threat to the detriment of security
- Schneier-Ranum Face-Off: Should we ban anonymity on the Internet?
  Security experts Bruce Schneier and Marcus Ranum debate the possibility of eliminating anonymity on the Internet.
- Leverage Google Attacks to Improve Cybersecurity
  China's hacker attacks against Google's infrastructure, including Gmail accounts of human rights activists as well as Google's source code, should be used to educate enterprises about the reality of cyberespionage from nation states and organized criminals.